Hi Juanjo,
Thanks, maybe what i was not able to highlight is what I wanted actually to
say. I have the feeling that the IDM as such is not the problem, but that -
for several reasons - we realize most of the issues only when we introduce
things into production. We should avoid that, because this forces all of us
to rush and get more stressed - because something is online changing a bit,
and other things need to adapts.
The issue with putting in production the IDM could be the same for any
other component indeed. Sure it is more evident because it is a central
component. So maybe we miss a more coordinated sort of continuous
integration process that could help us in foresee better such issues, I
don't know, just an idea... but of course this requires more efforts... and
if the people managing this are the ones that already try to solve 90% of
the problem, we will indeed just create another problem, because honestly I
don't think we can give more than this xD
Federico
On Fri, May 8, 2015 at 9:27 AM, Juanjo Hierro <
juanjose.hierro at telefonica.com> wrote:
> Hi,
>
> Yesterday night we decided some actions that will help to overcome some
> issues users were going to experience. In particular, the fact that there
> is a long queue of users who have applied to become Community Users but
> haven't being answered yet. They had stopped seeing the nodes where they
> had their VMs and they would remain like that until their request is
> served. If, for whatever reason, the coaches and the responsibles of
> nodes were not enough agile, there would be users who would stay days
> without seeing their VMs and not clue whether they have lost them
> forever. This was not admisible. You helped to identify this problem.
>
> We agreed to go for a quick&dirty solution: we allowed those users in
> the queue to see all the nodes. They will become a short of "privileged"
> users while they are on the queue, but we took that decision because it is
> better that they see all the nodes than they don't their previous node just
> Spain-2. Besides, we sent an email to all the users telling them that
> they may see all the nodes as the result of the migration but they
> shouldn't use any node different than the one they were already using. We
> hope they will follow that recomendation.
>
> Then, we asked all coaches and responsible of nodes to quickly serve the
> queues of requests for becoming Community Users (please Alvaro or Fernando,
> confirm this is correct). Once they serve the queue of pending
> requests, we should not have "privileged" users any longer ("privileged"
> users would turn into "Trial Users" because their application to upgrade
> was rejected, or "Community Users" because their application request was
> accepted). Those "privileged" users who will remain once all requests
> have been served (these may be users who didn't formulate a request) would
> also be transformed into "Trial Users". After this process, no
> "privileged" users would remain and question had been solved.
>
> Please Federico and Stefano, put pressure on coaches and responsible of
> nodes to serve the requests for upgrading user accounts as soon as
> possible. This would help to approach the final target status as soon as
> possible.
>
> As per regard the issue about using types of grants for authorization
> which are not longer supported in the new version of the IdM GE, Alvaro
> sent an email to all users, notifying them what to do. It may be a little
> unconvenient for some users (e.g., the developers of the infografic pannel)
> but we believe there won't be so many users affected. UPM will try to
> implement support to the other two grant types as soon as possible, but we
> decided that it was acceptable asking users to change the type of grant
> they use.
>
> I hope I have been able to capture everything. If Fernando or Alvaro
> need to amend something I have said, please do so.
>
> I believe we are doing overall fine, although we have always to try
> improving. I also personally thank Fernando and Alvaro for their
> availability yesterday night to meet over the phone and implement the
> necessary actions to solve the issues we were facing.
>
> Let's not get frustrated !
>
> Best regards,
>
> -- Juanjo
>
>
>
>
> On 08/05/15 07:42, Federico Michele Facca wrote:
>
> Hi Alvaro,
> let me start saing that I do know you are doing your best, and honestly I
> believe the responsability is not yours: it lays on all of us.
>
> We need to plan more careful and assert better actions, because of
> course you cannot know everything as other developers relying on the idm
> cannot as well. The frustration is not toward you, it's general in the
> feeling that we are always underestimating actions and their impacts and we
> always rush after fixing something. And we are all too busy with this to
> collaborate better on making things better.
>
> that's all :(
>
> Federico
>
>
>
> On Thu, May 7, 2015 at 9:59 PM, Álvaro Alonso <aalonsog at dit.upm.es> wrote:
>
>> Hi,
>>
>> I’ve just sent an email to the users reminding them that everything
>> works as before regarding oauth. Federico, honestly I didn’t know we
>> support that gran type, we have implemented the two that we included in the
>> documentation of the GE. So we thought that that was enough for be
>> compatible. Anyway if you need them, we are going to include the support
>> for the other ones. But sincerely, I’m sure too many users are using that
>> because it is not explained as supported in our documentation.
>>
>> Regarding the issue with the community users, we have sent several
>> massive notifications explaining the new situation with the accounts. I’ve
>> also sent you an internal mail with the precise explanation so I thought it
>> was so clear. I agree with you in the fact that users that sent the
>> community application and have not been added as community users yet (even
>> they are accepted) are not able to use the infraestructure in other regions
>> than spain2 until we add them. During the day of today I had not a minute
>> to process them. All I can do is start tomorrow morning explaining IOs how
>> to proceed with the insertion of the approved accounts and even help you
>> processing some of them.
>>
>> Believe me, we are doing our best for this.
>>
>> Hope this helps.
>>
>> BR
>> --
>> Álvaro
>>
>> El 07 May 2015, a las 21:09, JUAN JOSE HIERRO SUREDA <
>> juanjose.hierro at telefonica.com> escribió:
>>
>>
>> Gentlemen ... I can hardly believe that we are going through this ...
>> How was the migration procedure tested? One of the reasons why we delayed
>> deployment of the IdM until May was to allow proper testing of the new IdM
>> and the migration procedure ...
>>
>> Sorry but this requires immediate repair action ... I know that we are
>> not commiting a 24/7 SLA, but when so a big issue like this occurs, we have
>> to go the extra mile ...
>>
>> Alvaro? Could you tell us where we are at the moment?
>>
>> Sincerely speaking, we won't be able to afford one complete day out of
>> service ... All the credit we had been able to recover with our hard work
>> this last month will fly away ... I hope we all understand that ...
>>
>> I stay tunned tonight waiting to hear about progress ...
>>
>> Enviado desde mi iPad
>>
>> Inicio del mensaje reenviado:
>>
>> *De:* Federico Michele Facca <federico.facca at create-net.org>
>> *Fecha:* 7 de mayo de 2015 20:34:37 GMT+02:00
>> *Para:* Juanjo Hierro <juanjose.hierro at telefonica.com>
>> *Cc:* fernando <fernando.lopezaguilar at telefonica.com>
>> *Asunto:* *disruption in several idm based services*
>>
>> dear juanjo,
>> there are number of services that are not working anymore, because the
>> implemenation of oauth2 from the new idm and the supported grant are
>> different.
>> also we haven't informed users that they will need to wait that someone
>> apply the status to them and assign to a node in the idm... (i understand
>> alvaro, proposing the infrastructure to take care last night, since it is a
>> quite big load, but then we should have warned users and infrastructure to
>> be available today to fix that...) so we will get flooded with tickets
>> (already actually) xD
>>
>> i didn't suppose things going like this... honestly i am quite
>> frustrated :(
>>
>> tomorrow morning, i will ask the guys to have a look, but no gurantee
>> infographics and term and conditions will get back working shortly.
>>
>> federico
>> --
>> --
>> Future Internet is closer than you think!
>> http://www.fiware.org
>>
>> Official Mirantis partner for OpenStack Training
>> https://www.create-net.org/community/openstack-training
>>
>> --
>> Dr. Federico M. Facca
>>
>> CREATE-NET
>> Via alla Cascata 56/D
>> 38123 Povo Trento (Italy)
>>
>> P +39 0461 312471
>> M +39 334 6049758
>> E federico.facca at create-net.org
>> T @chicco785
>> W www.create-net.org
>>
>>
>> ------------------------------
>>
>> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
>> puede contener información privilegiada o confidencial y es para uso
>> exclusivo de la persona o entidad de destino. Si no es usted. el
>> destinatario indicado, queda notificado de que la lectura, utilización,
>> divulgación y/o copia sin autorización puede estar prohibida en virtud de
>> la legislación vigente. Si ha recibido este mensaje por error, le rogamos
>> que nos lo comunique inmediatamente por esta misma vía y proceda a su
>> destrucción.
>>
>> The information contained in this transmission is privileged and
>> confidential information intended only for the use of the individual or
>> entity named above. If the reader of this message is not the intended
>> recipient, you are hereby notified that any dissemination, distribution or
>> copying of this communication is strictly prohibited. If you have received
>> this transmission in error, do not read it. Please immediately reply to the
>> sender that you have received this communication in error and then delete
>> it.
>>
>> Esta mensagem e seus anexos se dirigem exclusivamente ao seu
>> destinatário, pode conter informação privilegiada ou confidencial e é para
>> uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o
>> destinatário indicado, fica notificado de que a leitura, utilização,
>> divulgação e/ou cópia sem autorização pode estar proibida em virtude da
>> legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos
>> o comunique imediatamente por esta mesma via e proceda a sua destruição
>> _______________________________________________
>> Fiware-lab-recovery-tf mailing list
>> Fiware-lab-recovery-tf at lists.fiware.org
>> https://lists.fiware.org/listinfo/fiware-lab-recovery-tf
>>
>>
>>
>> _______________________________________________
>> Fiware-lab-recovery-tf mailing list
>> Fiware-lab-recovery-tf at lists.fiware.org
>> https://lists.fiware.org/listinfo/fiware-lab-recovery-tf
>>
>>
>
>
> --
> --
> Future Internet is closer than you think!
> http://www.fiware.org
>
> Official Mirantis partner for OpenStack Training
> https://www.create-net.org/community/openstack-training
>
> --
> Dr. Federico M. Facca
>
> CREATE-NET
> Via alla Cascata 56/D
> 38123 Povo Trento (Italy)
>
> P +39 0461 312471
> M +39 334 6049758
> E federico.facca at create-net.org
> T @chicco785
> W www.create-net.org
>
>
> --
>
> ______________________________________________________
>
> Coordinator and Chief Architect, FIWARE platform
> CTO Industrial IoT, Telefónica
>
> email: juanjose.hierro at telefonica.com
> twitter: @JuanjoHierro
>
> You can follow FIWARE at:
> website: http://www.fiware.org
> twitter: @FIWARE
> facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
> linkedIn: http://www.linkedin.com/groups/FIWARE-4239932
>
>
> ------------------------------
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
> puede contener información privilegiada o confidencial y es para uso
> exclusivo de la persona o entidad de destino. Si no es usted. el
> destinatario indicado, queda notificado de que la lectura, utilización,
> divulgación y/o copia sin autorización puede estar prohibida en virtud de
> la legislación vigente. Si ha recibido este mensaje por error, le rogamos
> que nos lo comunique inmediatamente por esta misma vía y proceda a su
> destrucción.
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário,
> pode conter informação privilegiada ou confidencial e é para uso exclusivo
> da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário
> indicado, fica notificado de que a leitura, utilização, divulgação e/ou
> cópia sem autorização pode estar proibida em virtude da legislação vigente.
> Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique
> imediatamente por esta mesma via e proceda a sua destruição
>
--
--
Future Internet is closer than you think!
http://www.fiware.org
Official Mirantis partner for OpenStack Training
https://www.create-net.org/community/openstack-training
--
Dr. Federico M. Facca
CREATE-NET
Via alla Cascata 56/D
38123 Povo Trento (Italy)
P +39 0461 312471
M +39 334 6049758
E federico.facca at create-net.org
T @chicco785
W www.create-net.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-recovery-tf/attachments/20150508/fd8b8a07/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy